build: attempt fixing security issues

[odcey]

Description

we're having critical security issues on some dependencies
i'm investigating, mainly caused by release-it
one of the issue is on vm2 package: https://www.npmjs.com/package/vm2
but the package has been deprecated and still used on release-it, someone warned here: release-it/release-it#1024
the other issues are around semver package, also mainly in release-it package

Type of change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Refactor (code improvement)
• Styles (adding, editing or fixing styles)
• Unit test

How Has This Been Tested?

Please describe the steps to test.

Evidence

Please add some evidence like screenshots or records.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[rajat43]

approved